White House report directs agencies to assess IT policy decisions to avoid ‘unacceptable’ cyber risk

A new White House report on federal IT modernization requires agencies to measure the impact of changes to policies relating to federal information technology, “to ensure that any proposed policy change does not introduce an unacceptable level of cybersecurity risk.”

The Office of Management and Budget and Department of Homeland Security are charged with updating existing metrics on cybersecurity to help agencies implement the report’s directives.

The report -- issued Wednesday -- directs federal agencies to prioritize upgrading IT...